Add error handling for cipher decryption
quexten committed Jan 9, 2024
1 parent 01aca35 commit 63ca3f2
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions agent/bitwarden/crypto/encstring.go
Expand Up @@ -154,6 +154,12 @@ func DecryptWith(s EncString, key SymmetricEncryptionKey) ([]byte, error) {
if !isMacValid(msg, s.MAC, macKeyData) {
return nil, fmt.Errorf("decrypt: MAC mismatch")
}
} else if s.Type == AesCbc256_B64 {
return nil, fmt.Errorf("decrypt: cipher of unsupported type %q", s.Type)
}

if len(s.IV) != block.BlockSize() {
return nil, fmt.Errorf("decrypt: invalid IV length, expected %d, got %d", block.BlockSize(), len(s.IV))
}

mode := cipher.NewCBCDecrypter(block, s.IV)
Expand All @@ -168,7 +174,13 @@ func DecryptWith(s EncString, key SymmetricEncryptionKey) ([]byte, error) {

func EncryptWith(data []byte, typ EncStringType, key SymmetricEncryptionKey) (EncString, error) {
encKeyData, err := key.EncryptionKeyBytes()
if err != nil {
return EncString{}, err
}
macKeyData, err := key.MacKeyBytes()
if err != nil {
return EncString{}, err
}

s := EncString{}
switch typ {
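Review bot: The new `else if s.Type == AesCbc256_B64` branch in DecryptWith rejects only that one type, so any other type value for which the preceding `if` (its condition is above the hunk) is false would still reach `cipher.NewCBCDecrypter` without a MAC check, unless something earlier in the function already rejects it. Unauthenticated CBC ciphertext is malleable, so failing closed is safer: make the branch a plain `} else {` with the same `return nil, fmt.Errorf(...)`. If EncStringType is an integer type, `%q` will render the value as a quoted character rather than a number; `%d` would read better in the error. The code after `NewCBCDecrypter` is outside the hunk; it is worth confirming there that the ciphertext length is a whole multiple of `block.BlockSize()`, since `CryptBlocks` panics otherwise.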